Message-ID: <07fe01c28aa7$5bdeba10$0d11000a@wscarewm>
From: "Michael Carew"
References: <20021112172820.GV96637@techometer.net> <07dc01c28aa4$fdb51d50$0d11000a@wscarewm> <20021112234706.GB62028@hellblazer.nectar.cc>
Subject: Re: ISS Security Advisory: Multiple Remote Vulnerabilities in BIND4 and BIND8 (fwd)]
Date: Wed, 13 Nov 2002 10:58:12 +1100
Sender: owner-freebsd-security@FreeBSD.ORG

At least limiting it prevents someone setting up an authoritative server,
then making a query to that domain off your name server. They are then
reliant on a legitimate client querying the server with the malicious
content, rather than them doing it themselves. Reducing the chances
substantially I would imagine.

----- Original Message -----
From: "Jacques A. Vidrine"
To: "Michael Carew"
Sent: Wednesday, November 13, 2002 10:47 AM
Subject: Re: ISS Security Advisory: Multiple Remote Vulnerabilities in BIND4 and BIND8 (fwd)]

> On Wed, Nov 13, 2002 at 10:41:15AM +1100, Michael Carew wrote:
> > One thing that the advisory seems to leave out, is limiting recursion,
> > rather than disabling.
>
> It leaves it out because it doesn't help much. Your name server will
> still query other name servers, and those other name servers (or
> someone spoofing them, maybe) can send malicious replies that your
> name server will process.
>
> Cheers,
> --
> Jacques A. Vidrine http://www.celabo.org/
> NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
> jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se
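
The limiting-versus-disabling choice discussed in this thread, as an added named.conf sketch that is not from either poster or from the advisory. The ACL name and the address ranges are constructed placeholders.

```conf
// Constructed named.conf fragment; "trusted-clients" and the address
// ranges are placeholders, not values from the thread.

acl "trusted-clients" {
    127.0.0.1;
    192.0.2.0/24;       // stands in for the local client network
};

options {
    // Limiting recursion: only the listed clients may ask this server to
    // resolve names it is not authoritative for. A host outside the ACL
    // can no longer make the server query a zone of that host's choosing.
    allow-recursion { "trusted-clients"; };

    // Caveat raised in the reply: lookups made on behalf of the trusted
    // clients still send queries to remote name servers, and the replies
    // (genuine or spoofed) are still parsed by this server.

    // Disabling recursion: suitable only for a server that is purely
    // authoritative and has no clients relying on it as a resolver.
    // recursion no;
};
```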